Abstract
Dimensionality reduction techniques can be used to visualize high-dimensional data. In this paper, the use of such techniques is studied to reduce the dimensionality of botnet data so that it can be visualized. The visualization process helps distinguish botnet traffic from normal traffic using NetFlows only, in order to define a way to aggregate flows and extract features from known datasets. The flow aggregation key used in this paper is composed of four parts: the transport layer protocol, the source address, the destination address, and the destination port. The source port is not part of the aggregation key, so that features can be derived from it. The t-Distributed Stochastic Neighbor Embedding (t-SNE) is used to transform the dataset into distinct clusters of behaviors: normal behaviors, botnet behaviors, and common behaviors. The proposed method would allow researchers to know where to start when they are handed thousands or millions of NetFlows.
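The aggregation step described above can be sketched as follows. This is an added example, not code from the paper: the abstract does not list the extracted features, so the feature names, the record layout, and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample NetFlow records (not taken from any dataset):
# (proto, src_addr, src_port, dst_addr, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("tcp", "10.0.0.5", 49152, "192.0.2.10", 80, 10, 4200),
    ("tcp", "10.0.0.5", 49153, "192.0.2.10", 80, 12, 5100),
    ("tcp", "10.0.0.5", 49154, "192.0.2.10", 80, 9, 3900),
    ("udp", "10.0.0.7", 53000, "198.51.100.53", 53, 1, 80),
    ("udp", "10.0.0.7", 53000, "198.51.100.53", 53, 1, 82),
    ("tcp", "10.0.0.5", 49155, "192.0.2.10", 443, 20, 15000),
]

# Assumed feature set; the paper's actual features are not given in the abstract.
COLUMNS = ["flows", "distinct_src_ports", "src_port_ratio",
           "total_packets", "total_bytes", "mean_bytes_per_flow"]

def aggregate(flows):
    """Group flows by (proto, src_addr, dst_addr, dst_port).

    The source port stays out of the key so that it can be turned
    into per-group features instead of splitting the group.
    """
    groups = defaultdict(list)
    for proto, src, sport, dst, dport, pkts, nbytes in flows:
        groups[(proto, src, dst, dport)].append((sport, pkts, nbytes))

    features = {}
    for key, rows in groups.items():
        distinct_ports = len({r[0] for r in rows})
        features[key] = {
            "flows": len(rows),
            "distinct_src_ports": distinct_ports,
            "src_port_ratio": distinct_ports / len(rows),
            "total_packets": sum(r[1] for r in rows),
            "total_bytes": sum(r[2] for r in rows),
            "mean_bytes_per_flow": mean(r[2] for r in rows),
        }
    return features

def to_matrix(features):
    """Return (keys, rows) in a fixed column order, the shape a
    dimensionality-reduction step such as t-SNE takes as input."""
    keys = sorted(features)
    return keys, [[features[k][c] for c in COLUMNS] for k in keys]

if __name__ == "__main__":
    keys, rows = to_matrix(aggregate(SAMPLE_FLOWS))
    for k, r in zip(keys, rows):
        print(k, r)
```

Each row of the resulting matrix describes one aggregated conversation and can be passed to a t-SNE implementation for the two-dimensional embedding.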